Firefox update fixes zero-day JavaScript flaw

Mozilla has released an update version of Firefox that addresses a previously unpatched flaw that has become the target of hacking attacks over recent days.

Firefox 3.5.1, released on Thursday, resolves a Just-in-Time (JIT) JavaScript compiler flaw in version 3.5 of the popular open source browser software, as explained in Mozilla's advisory here. Exploits based on the vulnerability were posted on a security site on Tuesday so Mozilla deserves credit for acting promptly on what might otherwise have been a potentially nasty problem that posed memory corruption and malware injection risks.

The latest update also corrects a performance issue that resulted in slow start-up on Windows systems.

Users are advised to apply the update, remembering to re-enable the Just-in-Time compiler in cases where Mozilla's previously suggested workaround has been applied. ®